If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

Not sure if checkpoint has the ability to set it to not allow spoofed IP's. I know on all my cisco firewalls I have anti spoofing turned on. Pretty much if I can't do a reverse look up back to you, your not connecting..

Originally posted here by steve.milner If they are using spoofed IP Address then they can't be expecting to get a connection, since the return address will not be correct.

However, are you seeing any other attempts from other 'more real' looking IPs at the same time, since if they are trying to probe & get some information back, one of thes addresses will be real.

Steve

Nothing that seems to have any pattern or structure Steve.

Originally posted here by symtech Not sure if checkpoint has the ability to set it to not allow spoofed IP's. I know on all my cisco firewalls I have anti spoofing turned on. Pretty much if I can't do a reverse look up back to you, your not connecting..

Do you have a syslog or anything running?

Yes checkpoint can disallow spoofing, that's why this cowboy is being dropped.

DjM: Are you allowing outside client's to connect t you're proxy on port 80 do you even have a proxy server running on port 80 ?that can be used to probe the internal LAN like a port scan like doing http://&lt;ip&gt;:25 im not wanting to get right in to it the now i have had a few beers but that could be causing the localhost queries to ports on the lan

By the sacred **** of the sacred psychedelic tibetan yeti ....We\'ll smoke the chinese out

Originally posted here by prodikal DjM: Are you allowing outside client's to connect t you're proxy on port 80 do you even have a proxy server running on port 80 ?that can be used to probe the internal LAN like a port scan like doing http://&lt;ip&gt;:25 im not wanting to get right in to it the now i have had a few beers but that could be causing the localhost queries to ports on the lan

Short answer, no. We don't have a proxy.

Thanks for your help, go have a few more beers and let me know if you come up with anything else. (some of my best work is done with a belly full of beer)

Originally posted here by Tedob1 sounds more like an attempted smurf attack rather than an intruder. you should deny incomming 127.0.0.1 at your router

Yea, this is what I would like to do too Tedob1, however the router is owned and controlled by our current ISP, who, like I said, is a little pissed at us, I doubt they would put any priority on putting in that router rule for us.

the router that connect us to the internet is owned by UUnet but when they set it up they gave me the user name and password so i can make changes. call them ask them, what have you got to loose. if worse comes to worse get another router

Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”